Hi everybody,
My project consists of creating a web-based search application that allows users to search for employees using a SQL database table named "Employee". I have created a page where the user enters search criteria and hits the search button, and a grid view displays the results. Next to each row found there is a link that leads the user to another page containing detailed information about that employee; this page is a DetailsView. The 3rd page consists of creating a new employee not found in the database, so it also consists of a DetailsView. I also have a login page.
Here is the catch: I want to allow everybody to access the search result page (GridView), but only Admins (who exist in a SQL DB table named Roles) have the right to modify data on the DetailsView details info page. I've done this using the
DetailsView1.AutoGenerateEditButton = true;
DetailsView1.AutoGenerateDeleteButton = true;

but I want to restrict regular users from accessing the AddNewEmployee page and the search result page with the GridView in Edit mode. My login page looks like this:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Web.Security;
using System.Text;
using System.Security.Cryptography;
using System.IO;

namespace Phonebook
{
    public partial class LoginUser : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        public string encryptQueryString(string strQueryString)
        {
            return BLL.Encryption64.Encrypt(strQueryString, "!#$a54?3");
        }

        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
        {
            string username = Login1.UserName;
            string pwd = Login1.Password;
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString);
            // Placeholders keep user input out of the SQL text; the values are
            // bound by the AddWithValue calls below.
            string sqlUserName = "SELECT UserId, Password FROM Roles ";
            sqlUserName += " WHERE (UserId = @UserId)";
            sqlUserName += " AND (Password = @Password)";
            sqlUserName += " AND (Admin = 'Y')";
            SqlCommand cmd = new SqlCommand(sqlUserName, conn);
            cmd.Parameters.AddWithValue("@UserId", username);
            cmd.Parameters.AddWithValue("@Password", pwd);

            string currentName;
            conn.Open(); // the connection must be open before ExecuteScalar
            try
            {
                // Returns the UserId of the matching admin row, or null if none
                currentName = (string)cmd.ExecuteScalar();
            }
            finally
            {
                conn.Close();
            }

            if (currentName != null)
            {
                //AddEmployee AdEmp = new AddEmployee();
                Session["UserAuthentication"] = username;
                Session.Timeout = 1; // minutes
                Response.Redirect("~/AddEmployee.aspx?search=" + encryptQueryString(username) + "");
            }
            else
            {
                // No matching admin row: clear the authentication marker
                Session["UserAuthentication"] = "";
            }
        }
    }
}

I am using login control but not the ASP.NET configuration tool.
Is there any way I can create a login logic that does this? Thank you
Updated 14-Sep-12 10:20am

1 solution

Predator008 14-Sep-12 15:34pm    
I'm not using Forms at all; I want to go for Session or QueryString to do this. Is it appropriate? Or am I going to have a hard time going this way?
I'm using a Master Page. I'm thinking of using a QueryString and checking it in this master page to see whether the user is logged in or not. The QueryString will be encrypted and contain the username, something like this
[no name] 14-Sep-12 15:57pm    
OK, you can set some global variable value if the user is Admin, and then check it with an if condition.

if(global variable=='yes Admin')
//call modified Customer function Here
//Do some Thing Here
Predator008 14-Sep-12 16:02pm    
Could you please explain that using a concrete example? Thanks
[no name] 14-Sep-12 16:28pm    
You can define a global variable and set its initial value to, say, N.
And while authenticating the user with " string sqlUserName = "SELECT UserId, Password FROM Roles ";
sqlUserName += " WHERE (UserId = @UserId)";
sqlUserName += " AND (Password = @Password)";
sqlUserName += " AND (Admin = 'Y')";"
you can also fetch whether the user is Admin. If yes, then set the global variable to "yes" for Admin.
And then you can use this global variable in an if condition; it is quite simple...
Please let me know your feedback.
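An added example (not code from the question or the comments) of the admin check discussed in this thread, done with a per-user Session flag that the server verifies on every protected page. It keeps the flag in Session because a static "global" variable in ASP.NET is shared by all users of the application. The names AuthSession, AdminPage, the "IsAdmin" session key and the LoginUser.aspx path are assumptions; the Roles columns and connection string name are taken from the question, including its password comparison against the stored value.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;

namespace Phonebook
{
    // Hypothetical helper: reads the Admin flag with a parameterized query
    // and stores the result in the caller's own Session.
    public static class AuthSession
    {
        public const string UserKey = "UserAuthentication"; // key used in the question
        public const string AdminKey = "IsAdmin";           // assumed key name
        public static bool SignIn(HttpContext ctx, string userId, string password)
        {
            string cs = ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
            using (var conn = new SqlConnection(cs))
            using (var cmd = new SqlCommand(
                "SELECT Admin FROM Roles WHERE UserId = @UserId AND Password = @Password", conn))
            {
                cmd.Parameters.AddWithValue("@UserId", userId);
                cmd.Parameters.AddWithValue("@Password", password);
                conn.Open();
                object admin = cmd.ExecuteScalar();          // null when no row matches
                if (admin == null || admin == DBNull.Value) return false;
                ctx.Session[UserKey] = userId;
                ctx.Session[AdminKey] = Convert.ToString(admin).Trim() == "Y";
                return true;
            }
        }
        // True only when this user's session carries a boolean admin flag set to true.
        public static bool IsAdmin(HttpContext ctx)
        {
            return ctx.Session != null && ctx.Session[AdminKey] is bool && (bool)ctx.Session[AdminKey];
        }
    }

    // Pages that add or modify data inherit from this instead of System.Web.UI.Page,
    // so the check runs on the server for every request, not only after login.
    public class AdminPage : Page
    {
        protected override void OnInit(EventArgs e)
        {
            if (!AuthSession.IsAdmin(Context)) { Response.Redirect("~/LoginUser.aspx", true); return; }
            base.OnInit(e);
        }
    }
}
```

On the details page that everybody may open, the same flag can drive the buttons from the question, for example `DetailsView1.AutoGenerateEditButton = AuthSession.IsAdmin(Context);`.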

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
